New Year Special 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: save70

SPLK-3001 Leak Questions

Page: 4 / 7
Total 99 questions

Splunk Enterprise Security Certified Admin Exam Questions and Answers

Question 13

Following the installation of ES, an admin configured users with the ess_user role the ability to close notable events.

How would the admin restrict these users from being able to change the status of Resolved notable events to Closed?

Options:

A.

In Enterprise Security, give the ess_user role the Own Notable Events permission.

B.

From the Status Configuration window select the Closed status. Remove ess_user from the status

transitions for the Resolved status.

C.

From the Status Configuration window select the Resolved status. Remove ess_user from the status transitions for the Closed status.

D.

From Splunk Access Controls, select the ess_user role and remove the edit_notable_events capability.

Question 14

Where is detailed information about identities stored?

Options:

A.

The Identity Investigator index.

B.

The Access Anomalies collection.

C.

The User Activity index.

D.

The Identity Lookup CSV file.

Question 15

Which of the following would allow an add-on to be automatically imported into Splunk Enterprise Security?

Options:

A.

A prefix of CIM_

B.

A suffix of .spl

C.

A prefix of TECH_

D.

A prefix of Splunk_TA_

Question 16

Which of the following is a key feature of a glass table?

Options:

A.

Rigidity.

B.

Customization.

C.

Interactive investigations.

D.

Strong data for later retrieval.

Page: 4 / 7
Total 99 questions